Revert "fix: splunk for windows config errors"

This reverts commit 13347df263.
2024-11-06 17:35:19 +00:00 · 2021-04-25 21:52:29 +02:00 · 2021-04-25 21:52:29 +02:00 · 08234c4620
commit 08234c4620
parent d766c12888
1 changed files with 7 additions and 7 deletions
--- a/tools/config/splunk-windows.yml
+++ b/tools/config/splunk-windows.yml
@ -8,27 +8,27 @@ logsources:
    product: windows
    service: application
    conditions:
-      source: 'Application'
+      source: 'WinEventLog:Application'
  windows-security:
    product: windows
    service: security
    conditions:
-      source: 'Security'
+      source: 'WinEventLog:Security'
  windows-system:
    product: windows
    service: system
    conditions:
-      source: 'System'
+      source: 'WinEventLog:System'
  windows-sysmon:
    product: windows
    service: sysmon
    conditions:
-      source: 'Microsoft-Windows-Sysmon/Operational'
+      source: 'WinEventLog:Microsoft-Windows-Sysmon/Operational'
  windows-powershell:
    product: windows
    service: powershell
    conditions:
-      source: 'Microsoft-Windows-PowerShell/Operational'
+      source: 'WinEventLog:Microsoft-Windows-PowerShell/Operational'
  windows-classicpowershell:
    product: windows
    service: powershell-classic
@ -38,12 +38,12 @@ logsources:
    product: windows
    service: taskscheduler
    conditions:
-      source: 'Microsoft-Windows-TaskScheduler/Operational'
+      source: 'WinEventLog:Microsoft-Windows-TaskScheduler/Operational'
  windows-wmi:
    product: windows
    service: wmi
    conditions:
-      source: 'Microsoft-Windows-WMI-Activity/Operational'
+      source: 'WinEventLog:Microsoft-Windows-WMI-Activity/Operational'
  windows-dns-server:
    product: windows
    service: dns-server